File: /home/xedaptot/ai.naniguide.com/app/Policies/SendingServerPolicy.php
<?php
namespace App\Policies;
use Illuminate\Auth\Access\HandlesAuthorization;
use App\Model\SendingServer;
use App\Model\User;
/**
* SendingServerPolicy — ownership + RBAC only.
*
* Plan-state checks (HAS_OWN_SENDING_SERVER entitlement, MAX_SENDING_SERVERS quota,
* HAS_ALL_SENDING_SERVER_TYPES) belong to the Gate layer
* (EntitlementGate / QuotaGate) and are called at the controller boundary.
*/
class SendingServerPolicy
{
use HandlesAuthorization;
public function read(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
return $user->admin->getPermission('sending_server_read') != 'no';
case 'customer':
return $user->hasPermission('sending_server.full_access')
|| $user->hasPermission('sending_server.read_only');
}
return false;
}
public function readAll(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
return $user->admin->getPermission('sending_server_read') == 'all';
case 'customer':
return false;
}
return false;
}
public function create(User $user, $role)
{
switch ($role) {
case 'admin':
$can = $user->admin->getPermission('sending_server_create') == 'yes';
$limit = app_profile('sending_server.limit');
if (!is_null($limit)) {
$can = $can && (SendingServer::system()->count() < $limit);
}
return $can;
case 'customer':
if (!$user->hasPermission('sending_server.full_access')) {
return false;
}
// Plan-state (entitlement + quota) checked via Gate at controller.
$limit = app_profile('sending_server.limit');
if (!is_null($limit) && $user->customer->sendingServers()->count() >= $limit) {
return false;
}
return true;
}
return false;
}
public function update(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('sending_server_update');
return $ability == 'all' || $ability == 'own';
case 'customer':
if (!$user->hasPermission('sending_server.full_access')) {
return false;
}
// Ownership check only
return $user->customer->id == $item->customer_id;
}
return false;
}
public function delete(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('sending_server_delete');
return $ability == 'all' || $ability == 'own';
case 'customer':
if (!$user->hasPermission('sending_server.full_access')) {
return false;
}
return $user->customer->id == $item->customer_id;
}
return false;
}
public function disable(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('sending_server_update');
$can = $ability == 'all' || $ability == 'own';
break;
case 'customer':
if (!$user->hasPermission('sending_server.full_access')) {
return false;
}
$can = $user->customer->id == $item->customer_id;
break;
default:
$can = false;
}
return $can && $item->status != "inactive";
}
public function enable(User $user, SendingServer $item, $role)
{
switch ($role) {
case 'admin':
$ability = $user->admin->getPermission('sending_server_update');
$can = $ability == 'all' || $ability == 'own';
break;
case 'customer':
if (!$user->hasPermission('sending_server.full_access')) {
return false;
}
$can = $user->customer->id == $item->customer_id;
break;
default:
$can = false;
}
return $can && $item->status != "active";
}
public function test(User $user, SendingServer $item, $role)
{
return $this->update($user, $item, $role) || !isset($item->id);
}
}